2820 matches found
Student Grading System SQL Injection Vulnerability
Student Grading System is a student grading system by the individual developer Carlo Montero. Student Grading System v1.0 has a security vulnerability that allows an attacker to perform SQL injection via user parameters...
VetBosSel Matrimony SQL Injection Vulnerability
VetBosSel Matrimony is an online matrimonial website by VetBosSel India. VetBosSel Matrimony v1.0 suffers from a security vulnerability that can be exploited by an attacker via the Password parameter...
Pagekit SQL Injection Vulnerability
Pagekit is a modular, lightweight content management system (CMS). Pagekit has a SQL injection vulnerability, which can be exploited by attackers to execute illegal SQL commands to steal sensitive data from the database...
CVE-2022-26836
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
TuziCMS SQL Injection Vulnerability
TuziCMS Rabbit CMS is a PHP and MySQL-based enterprise content management system (CMS). SQL injection vulnerability exists in TuziCMS version 2.0.6, which stems from the fact that AppManageControllerBannerController.class.php lacks validation for external input SQL statements. An attacker could use...
CVE-2022-25223
Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/viewdetails' via the 'id' parameter...
Delta Electronics DIAEnergie SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
Delta Electronics DIAEnergie SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A SQL injection...
PT-2022-2037 · Fedoraproject +2 · Extra Packages For Enterprise Linux +3
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified); fedoraproject extra packages for enterprise linux (affected versions not specified); fedoraproject fedora (affected versions not specified). Description: The issue is related to a lack of protection against SQ...
WordPress plugin FV Flowplayer Video Player SQL Injection Vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress FV Flowplayer Video Player plugin version 7.5.15.727 and earlier versions are vulnerable to SQL injection. The vulnerability...
CVE-2021-44088
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters...
CVE-2022-25225
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...
CVE-2021-43077
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...
Lansweeper SQL Injection Vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. Lansweeper lansweeper EchoAssets.aspx suffers from a SQL injection vulnerability that can be triggered by an attacker making an authenticated...
CVE-2022-25096
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/viewmember.php...
nuclei-templates
This repository is a collection of templates for the nuclei engine, a tool used to find security vulnerabilities in applications. The templates are used to identify potential vulnerabilities and are contributed by both the project's team and the community. The repository contains various template...
MingSoft MCMS Security Vulnerability
Mcms is a complete open source J2EE system from Jiangxi Mingsoft Technology Co. Mcms v5.1 has a SQL injection vulnerability, which can be exploited by attackers to perform SQL injection via /ms/cms/content/list.do...
CVE-2022-24226
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php...
WordPress and WordPress plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...
Unified Office Total Connect Now SQL Injection Vulnerability
Unified Office Total Connect Now is a VoIP solution for small and medium-sized businesses from Unified Office USA. A security vulnerability exists in Unified Office Total Connect Now that stems from a database-based application that lacks validation of externally entered SQL statements. An attack...